DETAILED ACTION



Claim Rejections - 35 USC §112 



The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 



Claims 1-18 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

Claims 1-3, 7-9, and 12-15 teach providing certificates based on the "position" of 
the terminal. Due to the fact that the word "position" can both mean the rank of the 
terminal as well as the actual geographic location of the terminal, it is unclear what the 
Applicant is claiming. 

Double Patenting 

The nonstatutory double patenting rejection is based on a judicially created 
doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the 
unjustified or improper timewise extension of the "right to exclude" granted by a patent 
and to prevent possible harassment by multiple assignees. A nonstatutory 
obviousness-type double patenting rejection is appropriate where the conflicting claims
are not identical, but at least one examined application claim is not patentably distinct 
from the reference claim(s) because the examined application claim is either anticipated 
by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 
F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 
USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir.
1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 
F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 
USPQ 644 (CCPA 1969). 

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d)
may be used to overcome an actual or provisional rejection based on a nonstatutory 
double patenting ground provided the conflicting application or patent either is shown to 
be commonly owned with this application, or claims an invention made as a result of 
activities undertaken within the scope of a joint research agreement. 

Effective January 1, 1994, a registered attorney or agent of record may sign a
terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 
37 CFR 3.73(b). 



Claims 1-3, 6-7, 12-15 and 18 are provisionally rejected on the ground of
nonstatutory obviousness-type double patenting as being unpatentable over claims 1-3,
6-7, 12-15 and 18 of copending Application No. 10749042. Although the conflicting
claims are not identical, they are not patentably distinct from each other because
the Applicant's claims 1-3, 6-7, 12-15 and 18 are identical to the Reference's respective
claims (10749042), with the exception of the Reference adding a tertiary CA which
is capable of providing at least one permission certificate to the terminal based upon at
least one characteristic of the terminal.

More specifically, the Applicant's Claim 1 teaches a terminal, a Primary CA that 
distributes Identity Certificates, a Secondary CA that distributes role certificates and a 
server that can authenticate the terminal based on the identity certificate and the role 
certificate. The Reference teaches a terminal, a Secondary CA that distributes role 
certificates, a Tertiary CA that distributes permission certificates and a server that can
authenticate the terminal based on an identity certificate, a role certificate and a 
permission certificate. Although the Reference does not explicitly teach a Primary CA, 
the Examiner interprets that there is inherently a Primary CA to produce the identity 
certificates for which the server must authenticate the terminal with. 

Claim 7 teaches the method of using the system in Claim 1. Claim 13 teaches a
terminal that is used in the system of Claim 1. The dependent claims of 1, 7 and 13 are
all mapped out to the dependent claims of Application 10749042.

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to remove the limitation of a tertiary CA, which produces permission
certificates based on one characteristic, from the Reference to teach the Applicant's 
Claims. 

This is a provisional obviousness-type double patenting rejection because the 
conflicting claims have not in fact been patented. 



Claim Rejections - 35 USC § 102

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1-3, 6-9, 12-18 are rejected under 35 U.S.C. 102(e) as being anticipated 
by Juitt (US 2003/0087629). 

Regarding Claim 1, 

Juitt teaches a system comprising: a terminal capable of communicating at least 
one of within and across at least one network, wherein the terminal is included within 
an organization including a plurality of terminals, each terminal being at at least one of 
a plurality of positions within the organization; ("The mobile device 100 can be any sort of
device that has wireless communication capability, including... telephones" Paragraph [0037]).
The Examiner interprets the telephone as the terminal. The wireless telephone is
shown as capable of communicating within and across at least one network as shown
in Fig. 1 (Mobile Device 100 communicates with Wireless Network 105, where
according to the background of the invention Juitt writes that "Wireless networks
typically include mobile devices" Paragraph [0003]).

Juitt teaches a primary certification authority (CA) capable of providing an identity
certificate to the terminal, wherein the primary CA is capable of issuing an identity
certificate to each terminal of the organization. In Paragraph [0011] Juitt writes "the
request [to access a protected network] might be an explicit request for access and can
include an identifier and authentication information (e.g. a... digital certificate)." The
Examiner interprets a digital certificate that provides identifier information as an identity
certificate. It is inherent that a CA is needed to distribute Identity Certificates.

Juitt teaches a secondary CA capable of providing at least one role certificate to 
the terminal based upon the at least one position of the terminal within the 
organization, wherein the organization includes a plurality of secondary CA's capable 
of issuing at least one role certificate to respective groups of terminals of the 
organization based upon the at least one position of each of the respective terminals 
within the organization. ("In one embodiment, a role definer in the gateway server defines
roles and assigns them to users. The role definer can specify network resources and degree of
access to the protected network. Access privileges can be differentiated for authorized users
based on roles." Paragraph [0020]) The Examiner interprets the role assigner as the
secondary CA capable of issuing role certificates based on the position of the 
respective terminals within the organization. The Examiner interprets "position" to 
mean rank or status. An example of Juitt assigning roles based on position is also 
found in Paragraph [0020] where "an 'engineer' role can be defined with full access to 
engineering department servers, but limited access to finance department servers."

Juitt teaches a server capable of authenticating the terminal based upon the
identity certificate and the at least one role certificate of the terminal to thereby 
determine whether to grant the terminal access to at least one resource of the server. 
("Once the user is authenticated and assigned a role, an access controller in the 
gateway server provides access to the protected network based on the assigned role" 
Paragraph [0021], Fig. 1A Authentication Server 125). The Examiner interprets the 
authentication process is done using an identity digital certificate as described above. 

Regarding Claims 2 and 3 

Juitt teaches a system according to claim 1, wherein the terminal comprises a
terminal included within an organization comprising a customer base of a cellular
service provider that includes a plurality of terminals, each terminal being at one of a
plurality of positions comprising a plurality of service plans offered by the cellular 
network operator. ("The wireless network 105 can support a wide variety of wireless 
networks, including cellular networks" Paragraph [0038]) It is inherent that a cellular network 
will be used by a cellular service provider. It is inherent that cellular providers have 
service plans. 



Regarding Claim 6,

Juitt teaches a system according to claim 1, wherein the terminal is capable of
requesting access to at least one resource of a server before the server authenticates 
the terminal, and wherein the server is capable of granting access to the at least one 
resource if the terminal is authenticated. ("The gateway server 120 authenticates the mobile 
device 100 utilizing its authentication subsystem 155, which may include authenticating the 
device or the user or owner of the device using an authentication server 125... the authentication 
server... determines whether the mobile device is authorized as well... thus the mobile device 
can be authorized to initiate a session with the protected network 110 via the wireless network 
105 based on the access privilege information provided by the authentication server 125." 
Paragraph [0056]) 

Regarding Claims 7-9 and 12 

The method steps correspond to the system as described in Claims 1-3, 6. 

Regarding Claims 13-18, 

Juitt teaches a terminal included within an organization including a plurality of 
terminals, each terminal being at at least one of a plurality of positions within the 
organization, the terminal comprising: a controller capable of communicating at least 
one of within and across at least one network, wherein the controller is capable of 
obtaining an identity certificate from a primary certification authority (CA) capable of 
issuing an identity certificate to each terminal of the organization, wherein the controller 
is also capable of obtaining at least one role certificate from a secondary CA based
upon the at least one position of the terminal within the organization, wherein the 
organization includes a plurality of secondary CA's capable of issuing at least one role 
certificate to respective groups of terminals of the organization based upon the at least 
one position of each of the respective terminals within the organization; 

and a memory capable of storing the identity certificate and at least one role 
certificate, wherein the controller is also capable of communicating with a server such 
that the server is capable of authenticating the terminal based upon the identity 
certificate and the at least one role certificate of the terminal to thereby determine 
whether to grant the terminal access to at least one resource of the server. 

(Fig. 1 shows the Mobile Device 100, further described in Paragraph [0037] as a 
telephone that "has wireless capability" and the wireless network 105 described in 
Paragraph [0038] as a cellular network. It is inherent that a cellular phone will have a 
controller capable of receiving certificates ("digital certificate" Paragraph [0011]) and a
controller capable of communicating with a server requesting access to resources (Fig.
1). It is inherent that the cellular phone will have a memory capable of storing digital
certificates. It is inherent that if the network is a cellular network then there will be
cellular service providers that are offering cellular service plans.)



Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148
USPQ 459 (1966), that are applied for establishing a background for determining
obviousness under 35 U.S.C. 103(a) are summarized as follows:

1. Determining the scope and contents of the prior art.

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating 
obviousness or nonobviousness. 

Claims 4-5 and 10-11 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Juitt in view of the Technical Report Number 558 "A role and context based
security model" by Yolanta Beresnevichiene pgs. 76-80 (Hereafter referred to as "the
Technical Report").

Regarding Claim 4, 

Juitt teaches a system according to claim 1, wherein the secondary CA is 
capable of providing at least one role certificate. Juitt does not teach having an 
associated validity time no greater than a validity time of the identity certificate provided 
by the primary CA. 



Application/Control Number: 10/748,980 Page 11

Art Unit: 2112

The Technical Report teaches in Section 7.6.2 Life-Time (pg. 78) that "the validity 
of role certificates could be almost as long as of identity certificates." 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine the system of Juitt with a role certificate with a shorter 
validity time than the identity certificate. 

The motivation to combine is that a role may change more frequently whereas an 
identity should last longer. Therefore the role certificate should have a shorter validity 
time than an identity certificate. 

Regarding Claim 5, 

Juitt and the Technical Report teach a system according to claim 4. The 
combined references do not explicitly teach that the server is capable of authenticating 
the terminal based upon the validity times of the identity certificate and at least one role 
certificate of the respective terminal. 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify the authentication system described in Claim 4 to further include 
the limitation of validity time. 

The motivation to modify is to provide an extra layer of access control. 



Regarding Claims 10-11,

The method steps correspond to the system as described in Claims 4-5.



Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Harris C. Wang whose telephone number is 
5712701462. The examiner can normally be reached on M-F 7:30-5, Alternate Fridays 
Off. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Walter Griffin can be reached on 571 2721497. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 